The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

user database, login, etc.

Hi,

I'm not sure whether this is the correct forum to post this thread on, so I apologize in advance if it is inappropriate.

How does one go about implementing a user database for a website, with secure login, etc, and a user database containing relevant information (probably just name and email address for now -- perhaps this should be discussed more later).

I expect the answer to be some combination of Java/Ajax/SQL or something, but I don't really know where to start my research in this area.

I am an experienced programmer and willing to get my hands dirty, so don't hold back

Database layer: The importance of database choice is debatable, but you'll obviously need one. Oracle, MySQL and postgres are all good choices. Regardless of your choice, the database will understand standard SQL.

Application/Business layer: Java Servlets are a good place to start. For more complicated apps (and once you understand how servlets work) there are various frameworks available, such as Struts.

Presentation layer: a mixture of HTML and CSS, and possibly Javascript and AJAX, built on top of JSPs.

Hardware layer: a least one machine to host your database and a Servlet Container (Java Server), such as Tomcat.

If you're using JSP/Java/Servlets/Tomcat then the basic components are:

1. Create your site pages as JSPs. One (or more) of these will have a login form. You can make this secure via SSL or opt for something more basic (e.g. use javascript to create a MD5 digest of the password). Either way, don't submit their credentials as plain text.

2. The login form will submit the details to a servlet. The servlet will perform a SQL query to validate the details. If valid, then the user's details can be stored in a session so that they remain 'logged in' for other pages they access. Sessions can be configured (e.g. in Tomcat) to expire after a certain time.

3. The database should have a table that stores user details.

A popular (and free) choice of infrastructure would be Tomcat and MySQL. Getting servlets to make a JDBC connection to the database can be 'fun' the first time you try it but there are plenty of examples online.

I'm not sure whether this is the correct forum to post this thread on, so I apologize in advance if it is inappropriate.

How does one go about implementing a user database for a website, with secure login, etc, and a user database containing relevant information (probably just name and email address for now -- perhaps this should be discussed more later).

I expect the answer to be some combination of Java/Ajax/SQL or something, but I don't really know where to start my research in this area.

I am an experienced programmer and willing to get my hands dirty, so don't hold back

I appreciate any advice you can offer.

Thanks,
- Dave H.

If you're open to using Groovy/Grails instead of "straight" Java, I've started a project to prepackage much of this sort of basic functionality. Code is up at http://code.google.com/p/grailskit/. Even if you're not using Groovy/Grails, perhaps looking at the code would give you some ideas about how to handle this sort of thing.